
SyncBack insecurely stores passwords.

I have been entering various passwords into SyncBack over the last few weeks, which made me wonder how they are stored, so to reassure myself I decided to see if I could find where they are stored, hoping that I could not. So I was surprised that within a couple of minutes I had found where they are stored. It was then concerning to find a direct relation between the way they are stored and the number of characters in the password. This made me wonder how strong the encryption was, and within 10 to 15 minutes I had worked out the encryption method. I could now decode all the passwords stored within SyncBack. I then went to a different system and found that I could also decode all the passwords stored within SyncBack on that system too.

This is not good.

The encryption should be much stronger, the password should be mixed and padded with a significant amount of random data, and lastly it should be less obvious where they are stored (having the word password on the same line as the encrypted password just makes it too easy to find).

Andrew.
